Randy Morgan via FreeIPA-users wrote:
> IPA2 was removed from the replica set and reinstalled to correct some OS
> issues (twice). After that it was brought back in as a replica again.
> IPA2 has become corrupted and we are unable to update the subsystem
> certs. It is the last standing replica
IPA2 was removed from the replica set and reinstalled to correct some OS
issues (twice). After that it was brought back in as a replica again.
IPA2 has become corrupted and we are unable to update the subsystem
certs. It is the last standing replica for the original cluster. The
image of
What do you mean by ‘rebuilt’? Also: is that image a CA master and how does it
fail when you run it with the clock turned back and network
unplugged/firewalled?
John
> On 27 Sep 2019, at 00:10, Randy Morgan via FreeIPA-users
> wrote:
>
> Tried everything you just suggested, and it doesn't
Tried everything you just suggested, and it doesn't work. Yes this is a
recovery option, our environment has become damaged somehow, uncertain
of all that happened. This image gives us a path forward, but I need
these replication agreements to go away and the image to become a stand
alone
You could turn the clock back, remove the agreements, renew the certs to a
future date, shutdown, reset the clock and renew again to get up and running.
Make sure you’re doing it while the system is offline to prevent NTP.
Also: make sure you don’t run in to this again by making regular recovery